Vulnerability Description
The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Firesight System Software | 5.3.0 |
| Cisco | Sourcefire 3D1000 Sensor | - |
| Cisco | Sourcefire 3D2000 Sensor | - |
| Cisco | Sourcefire 3D2100 Sensor | - |
| Cisco | Sourcefire 3D2500 Sensor | - |
| Cisco | Sourcefire 3D3500 Sensor | - |
| Cisco | Sourcefire 3D4500 Sensor | - |
| Cisco | Sourcefire 3D500 Sensor | - |
| Cisco | Sourcefire 3D6500 Sensor | - |
| Cisco | Sourcefire 3D9900 Sensor | - |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/viewAlert.x?alertId=38905Vendor Advisory
- http://www.securityfocus.com/bid/74709Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1032359Third Party AdvisoryVDB Entry
- http://tools.cisco.com/security/center/viewAlert.x?alertId=38905Vendor Advisory
- http://www.securityfocus.com/bid/74709Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1032359Third Party AdvisoryVDB Entry
FAQ
What is CVE-2015-0739?
CVE-2015-0739 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Cont...
How severe is CVE-2015-0739?
CVE-2015-0739 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0739?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Firesight System Software, Cisco Sourcefire 3D1000 Sensor, Cisco Sourcefire 3D2000 Sensor, Cisco Sourcefire 3D2100 Sensor, Cisco Sourcefire 3D2500 Sensor.